Penetration Testing mailing list archives
Re: Pentest Criteria
From: TAS <p0wnsauc3 () gmail com>
Date: Sun, 5 Sep 2010 12:27:26 +0530
Porbably SANS. But I am not very sure if that really fits into "best practice which lends itself to pentests" thing. If you are looking at classification of the vulnerabilities than OWASP and WASC are ready references. TAS On 2 September 2010 01:12, Kurt M. John <kurt.md.john () gmail com> wrote:
Hey guys, Another question for you. Usually when we do pentests for our clients we report our findings and recommendations. We've never had to report the criteria our findings/vulnerabilities are based on as well. By criteria I mean industry standards or best practices, e.g., NIST 800_53, CoBIT, etc. What if a client wants criteria reported as well. I'm not sure if there is one I can use without running the risk of it being too far removed. Is there a frame work or best practice which lends itself to pentests? Or do I have to try to layer NIST on top of it Thoughts? Thanks guys. Kurt M. John, CISA, C¦EH, CPT Sent from my HTC on the Now Network from Sprint! ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- Pentest Criteria Kurt M. John (Sep 03)
- Re: Pentest Criteria TAS (Sep 05)
- Re: Pentest Criteria Pete Herzog (Sep 07)
- Re: Pentest Criteria Wim Remes (Sep 08)
- Re: Pentest Criteria Pete Herzog (Sep 08)
- Message not available
- Re: Pentest Criteria Pete Herzog (Sep 08)
- Re: Pentest Criteria Wim Remes (Sep 08)
- Re: Pentest Criteria Pete Herzog (Sep 08)
- Message not available
- Re: Pentest Criteria Kurt M. John (Sep 09)
- RE: Pentest Criteria Cor Rosielle (Sep 09)
- Message not available
- Re: Pentest Criteria Pete Herzog (Sep 09)
- Re: Pentest Criteria Pete Herzog (Sep 07)
- Re: Pentest Criteria TAS (Sep 05)